When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server?

vc15 is backward compatible to vc14. That means, a vc14 module can sure be used inside vc15 binary. Thus, same for Apache and PHP as module. Regarding OpenSSL - the applink technology I introduced back then is in first place about staying compatible with different CRT. Even if it is promised to provide also compatibility between different versions, we've seen that it's not always true, recall the case where OpenSSL broke ABI by disabling weak ciphers.

Thus - in general dropping is OK, as long as the OpenSSL series matches, say both PHP and Apache are linked with either 1.0, or both with 1.1. For FCGI it of course doesn't matter, but for PHP as module. As httpd.exe provides the applink symbol, the PHP DLL will find it and possibly use incompatible routines. With this in mind, I wouldn't expect any issues if both bins are linked with same OpenSSL series. At apachelounge it is tested a no issues.

When will the "Apache 2.4.26-Dev Win64" be reclassified as a Production release? Or would you advise that if we need to get Apache running on Windows with OpenSSL 1.1.0, then we should deploy this release on a production server?